book

AWS Cookbook

by John Culkin, Mike Zazon

December 2021

Intermediate to advanced

358 pages

7h 41m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Has Sandbox

Who This Book Is ForWhat You Will LearnThe RecipesWhat You Will NeedGetting StartedConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1.0. Introduction1.1. Creating and Assuming an IAM Role for Developer Access1.2. Generating a Least Privilege IAM Policy Based on Access Patterns1.3. Enforcing IAM User Password Policies in Your AWS Account1.4. Testing IAM Policies with the IAM Policy Simulator1.5. Delegating IAM Administrative Capabilities Using Permissions Boundaries1.6. Connecting to EC2 Instances Using AWS SSM Session Manager1.7. Encrypting EBS Volumes Using KMS Keys1.8. Storing, Encrypting, and Accessing Passwords Using Secrets Manager1.9. Blocking Public Access for an S3 Bucket1.10. Serving Web Content Securely from S3 with CloudFront
2.0. Introduction2.1. Defining Your Private Virtual Network in the Cloud by Creating an Amazon VPC2.2. Creating a Network Tier with Subnets and a Route Table in a VPC2.3. Connecting Your VPC to the Internet Using an Internet Gateway2.4. Using a NAT Gateway for Outbound Internet Access from Private Subnets2.5. Granting Dynamic Access by Referencing Security Groups2.6. Using VPC Reachability Analyzer to Verify and Troubleshoot Network Paths2.7. Redirecting HTTP Traffic to HTTPS with an Application Load Balancer2.8. Simplifying Management of CIDRs in Security Groups with Prefix Lists2.9. Controlling Network Access to S3 from Your VPC Using VPC Endpoints2.10. Enabling Transitive Cross-VPC Connections Using Transit Gateway2.11. Peering Two VPCs Together for Inter-VPC Network Communication
3.0. Introduction3.1. Using S3 Lifecycle Policies to Reduce Storage Costs3.2. Using S3 Intelligent-Tiering Archive Policies to Automatically Archive S3 Objects3.3. Replicating S3 Buckets to Meet Recovery Point Objectives3.4. Observing S3 Storage and Access Metrics Using Storage Lens3.5. Configuring Application-Specific Access to S3 Buckets with S3 Access Points3.6. Using Amazon S3 Bucket Keys with KMS to Encrypt Objects3.7. Creating and Restoring EC2 Backups to Another Region Using AWS Backup3.8. Restoring a File from an EBS Snapshot3.9. Replicating Data Between EFS and S3 with DataSync
4.0. Introduction4.1. Creating an Amazon Aurora Serverless PostgreSQL Database4.2. Using IAM Authentication with an RDS Database4.3. Leveraging RDS Proxy for Database Connections from Lambda4.4. Encrypting the Storage of an Existing Amazon RDS for MySQL Database4.5. Automating Password Rotation for RDS Databases4.6. Autoscaling DynamoDB Table Provisioned Capacity4.7. Migrating Databases to Amazon RDS Using AWS DMS4.8. Enabling REST Access to Aurora Serverless Using RDS Data API
5.0. Introduction5.1. Configuring an ALB to Invoke a Lambda Function5.2. Packaging Libraries with Lambda Layers5.3. Invoking Lambda Functions on a Schedule5.4. Configuring a Lambda Function to Access an EFS File System5.5. Running Trusted Code in Lambda Using AWS Signer5.6. Packaging Lambda Code in a Container Image5.7. Automating CSV Import into DynamoDB from S3 with Lambda5.8. Reducing Lambda Startup Times with Provisioned Concurrency5.9. Accessing VPC Resources with Lambda
6.0. Introduction6.1. Building, Tagging, and Pushing a Container Image to Amazon ECR6.2. Scanning Images for Security Vulnerabilities on Push to Amazon ECR6.3. Deploying a Container Using Amazon Lightsail6.4. Deploying Containers Using AWS Copilot6.5. Updating Containers with Blue/Green Deployments6.6. Autoscaling Container Workloads on Amazon ECS6.7. Launching a Fargate Container Task in Response to an Event6.8. Capturing Logs from Containers Running on Amazon ECS
7.0. Introduction7.1. Using a Kinesis Stream for Ingestion of Streaming Data7.2. Streaming Data to Amazon S3 Using Amazon Kinesis Data Firehose7.3. Automatically Discovering Metadata with AWS Glue Crawlers7.4. Querying Files on S3 Using Amazon Athena7.5. Transforming Data with AWS Glue DataBrew
8.0. Introduction8.1. Transcribing a Podcast8.2. Converting Text to Speech8.3. Computer Vision Analysis of Form Data8.4. Redacting PII from Text Using Comprehend8.5. Detecting Text in a Video8.6. Physician Dictation Analysis Using Amazon Transcribe Medical and Comprehend Medical8.7. Determining Location of Text in an Image

9.0. Introduction9.1. Using EC2 Global View for Account Resource Analysis9.2. Modifying Tags for Many Resources at One Time with Tag Editor9.3. Enabling CloudTrail Logging for Your AWS Account9.4. Setting Up Email Alerts for Root Login9.5. Setting Up Multi-Factor Authentication for a Root User9.6. Setting Up AWS Organizations and AWS Single Sign-On

Content preview from AWS Cookbook

Appendix. Fast Fixes

These useful small bits of code will help you save time and get the most out of AWS.

Set your AWS_ACCOUNT_ID to a bash variable:

export AWS_ACCOUNT_ID=$(aws sts get-caller-identity \
--query Account --output text)

Get the most recently created CloudWatch log group name:

aws logs describe-log-groups --output=yaml \
--query 'reverse(sort_by(logGroups,&creationTime))[:1].{Name:logGroupName}'

Tail the logs for the CloudWatch group:

aws logs tail <<LOGGROUPNAME>> --follow --since 10s

Delete all log groups that match a text pattern and prompt yes/no for confirmation:

aws logs describe-log-groups | \
jq ".logGroups[].logGroupName" | grep -i <<pattern>> | \
xargs -p -I % aws logs delete-log-group --log-group-name %

Stop all running instances for your current working Region (H/T: Curtis Rissi):

aws ec2 stop-instances \
--instance-ids $(aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" --query "Reservations[].Instances[].[InstanceId]"
--output text | tr '\n' ' ')

Determine the user making CLI calls:

aws sts get-caller-identity --query UserId --output text

Generate YAML input for your CLI command and use it:

aws ec2 create-vpc --generate-cli-skeleton yaml-input > input.yaml
#Edit input.yaml - at a minimum modify CidrBlock, DryRun, ResourceType, and Tags
aws ec2 create-vpc --cli-input-yaml file://input.yaml

List the AWS Region names and endpoints in a table format: